
Anthony Ferrara's Blog:
Security Review: Creating a Secure PHP Login Script
August 03, 2011 @ 12:02:19

In response to this article from DevShed about creating a "simple and secure login script", Anthony Ferrara has written up this post to help dispel some of the inaccuracies, bad practices and security issues that could result from DevShed's code.

I decided to click the link [in my feed reader] and give the article a read. Not overly shocking was the fact that I didn't find the content of the article to be, how shall I say this..., overly factual. It's not really a "tutorial", but more of a "here's some code that's secure". A quick review of the code found more than one vulnerability, and some significant things that I would change about it (as well as a few "really bad practices").

He walks through each of the files included in the original tutorial - Authenticate.php, Register.php and Logout.php - and covers topics such as brute force detection, password verification, registration handling and session serialization. He finishes with a list of twelve overall issues he noticed during his review, each paired with a solution (usually a very simple one).





All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework